Currently there are newly active vulnerability for wordpress related with revslider plugin. This plugins is a premium plugin but some user does not aware about it because some themes already bundled with it.

Attack sequence.

1. Discovery. Normally the bot will try to find vulnerable version of the plugins.

2. Exploit. It will use the script to upload malicious theme to the site

3. Take over. If the exploit successful it will inject Fileman backdoor.